From patchwork Tue Nov 2 04:23:14 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [Openvpn-devel] Fix tls-version-min default once again X-Patchwork-Submitter: Selva Nair X-Patchwork-Id: 2053 Message-Id: <20211102042314.19113-1-selva.nair@gmail.com> To: openvpn-devel@lists.sourceforge.net Date: Tue, 2 Nov 2021 00:23:14 -0400 From: selva.nair@gmail.com List-Id: From: Selva Nair commit 51be733ba236610dff6a1c361cf59172db97473a claimed to correct this but did not do it properly. (my fault). The check whether tls-version-min is set by the user or not was still wrong. Hope this fixes it for good. Signed-off-by: Selva Nair Acked-by: Gert Doering --- src/openvpn/options.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 4a5db8a6..6b15d898 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3165,7 +3165,9 @@ static void options_set_backwards_compatible_options(struct options *o) { /* TLS min version is not set */ - if ((o->ssl_flags & SSLF_TLS_VERSION_MIN_MASK) == 0) + int tls_ver_min = (o->ssl_flags >> SSLF_TLS_VERSION_MIN_SHIFT) + & SSLF_TLS_VERSION_MIN_MASK; + if (tls_ver_min == 0) { int tls_ver_max = (o->ssl_flags >> SSLF_TLS_VERSION_MAX_SHIFT) & SSLF_TLS_VERSION_MAX_MASK;